Pinned toot

To be up against such threats you need a perfect IT knowledge of your network, state-of-art admin practices, up to date software, EDR deployed, detection capability, SOC w/ good people, etc. Nobody has everything everywhere. There will always be a chance for attacks to succeed.

If you often work on HTTP logs (IR analysis or threat detection), this teler tool could be handy

If Elon Musk and Jeff Bezos could start investing money into what we already have (ie. planet earth) instead of super-rich-dudes mars projects, that would be cool.

Looks like a bad signature matching some high-entropy (compressed/random) file :(

Also, this is eerily similar to the shadowbrokers stuff.

updated their post, it contains a mysterious hash as proof 25b23446e6c29a8a1a0aac37fc3b65543fae4a7a385ac88dc3a5a3b1f42e6a9e. A message for someone?

Logging in to an old BTC account and realize I have 0.2 left. Feels good man.

Never mind, it's just the public certificate (most probably). I got confused with the FEYE comment "Used to sign samples".

Also, does this mean anyone with VT access can just download it and sign binaries as SolarWinds?! Probably revoked by now... but wtf?

Is it normal to find a legitimate SolarWinds code-signing certificate, visible on VT since late 2019? 439bcd0a17d53837bc29fb51c0abd9d52a747227f97133f8ad794d9cc0ef191e (according to

The Russian Federation is not considered a "nation-state". So if you're going to attribute cyberattacks to Russia (or any state), please don't say "nation-state cyberattacks". The term "government-backed attacks" is probably best suited for most cases.

Note: that was probably not the entry point considering the binaries were signed.

SolarWinds is actually a very cool name to talk about supply chain attacks

Does APT29 really need to hack FireEye in order to get tools exploiting known vulns and some custom Cobalt Strike-like beacons? This was either opportunistic or a side-effect on their way to the real goods (ie. intelligence FEYE had on them). My 2 cents.

Show older

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!